server/qa/api/auth.go

package api

import (
	"log"
	"net/http"
	"os"
	"path"
	"strconv"

	"github.com/gin-gonic/gin"
)

var (
	Simulator    string
	TeamsDir     string
	ManagerUsers []string
)

func authMiddleware(access ...func(string, int64, *gin.Context) bool) gin.HandlerFunc {
	return func(c *gin.Context) {
		ficteam := Simulator
		if t := c.Request.Header.Get("X-FIC-Team"); t != "" {
			ficteam = t
		}

		var teamid int64
		var err error

		if ficteam == "" {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": "Need to authenticate"})
			return
		} else if teamid, err = strconv.ParseInt(ficteam, 10, 64); err != nil {
			if lnk, err := os.Readlink(path.Join(TeamsDir, ficteam)); err != nil {
				log.Printf("[ERR] Unable to readlink %q: %s\n", path.Join(TeamsDir, ficteam), err)
				c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Unable to validate authentication."})
				return
			} else if teamid, err = strconv.ParseInt(lnk, 10, 64); err != nil {
				log.Printf("[ERR] Error during ParseInt team %q: %s\n", lnk, err)
				c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Unable to validate authentication."})
				return
			}
		}

		// Check access limitation
		for _, a := range access {
			if !a(ficteam, teamid, c) {
				return
			}
		}

		// Retrieve corresponding user
		c.Set("LoggedUser", ficteam)
		c.Set("LoggedTeam", teamid)

		// We are now ready to continue

		c.Next()
	}
}